Ebola Virus Used in Distributing Dark Comet

 Analysis by: Michael Angelo Casayuran

Cybercriminals often leverage popular and newsworthy topics as part of their social engineering tactics. Case in point: we spotted spam samples that use the topic of Ebola to lure users into opening them. The email message purports to come from the World Health Organization and offers users safety tips to avoid being infected with Ebola. Header analysis of the mail samples indicates that they originated in the United States.

The spam samples come in two variants. The first has an attached archive containing an executable file. The second contains a link that redirects to a file hosting website from which the same executable can be downloaded. The downloaded file is already detected by Trend Micro as BKDR_DARKOMET.M.

Users are strongly advised to examine and verify the emails they receive before acting on them, even when the messages appear to come from legitimate sources. Trend Micro protects users from this spam run via its Smart Protection Network, which detects both the spam and the malware.

SPAM BLOCKING DATE / TIME: October 25, 2014 GMT-8
  • PATTERN: 1050